키로 인증하기 #11
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: deploy testflight | |
| on: | |
| push: | |
| branches: [ "main" ] | |
| jobs: | |
| deploy: | |
| runs-on: macos-latest | |
| env: | |
| XC_WORKSPACE: ${{ 'pins.xcodeproj' }} | |
| XC_SCHEME: ${{ 'Release' }} | |
| XC_ARCHIVE: ${{ 'pins.xcarchive' }} | |
| # certificate | |
| ENCRYPTED_CERT_FILE_PATH: ${{ '.github/secrets/certification.p12.gpg' }} | |
| DECRYPTED_CERT_FILE_PATH: ${{ '.github/secrets/certification.p12' }} | |
| CERT_ENCRYPTION_KEY: ${{ secrets.CERTS_ENCRYPTION_PWD }} | |
| # provisioning | |
| ENCRYPTED_PROVISION_FILE_PATH: ${{ '.github/secrets/pins_GithubActions.mobileprovision.gpg' }} | |
| DECRYPTED_PROVISION_FILE_PATH: ${{ '.github/secrets/pins_GithubActions.mobileprovision' }} | |
| PROVISIONING_ENCRYPTION_KEY: ${{ secrets.PROVISION_ENCRYPTION_PWD }} | |
| # certification export key | |
| CERT_EXPORT_KEY: ${{ secrets.CERT_EXPORT_PWD }} | |
| KEYCHAIN: ${{ 'test.keychain' }} | |
| steps: | |
| - name: Checkout project | |
| uses: actions/checkout@v3 | |
| - name: Create Secrets File | |
| run: | | |
| echo "GOOGLE_API_KEY=${{ secrets.GOOGLE_API_KEY }}" >> Secrets.xcconfig | |
| echo "GCM_SENDER_ID=${{ secrets.GCM_SENDER_ID }}" >> Secrets.xcconfig | |
| echo "GOOGLE_APP_ID=${{ secrets.GOOGLE_APP_ID }}" >> Secrets.xcconfig | |
| echo "REVERSED_CLIENT_ID=${{ secrets.REVERSED_CLIENT_ID }}" >> Secrets.xcconfig | |
| - name: Print Current Working Directory | |
| run: pwd | |
| - name: Move Secrets File to Resources | |
| run: | | |
| mv Secrets.xcconfig pins/Resources/ | |
| - name: Select latest Xcode | |
| run: "sudo xcode-select -s /Applications/Xcode.app" | |
| - name: Configure Keychain | |
| run: | | |
| security create-keychain -p "" "$KEYCHAIN" | |
| security list-keychains -s "$KEYCHAIN" | |
| security default-keychain -s "$KEYCHAIN" | |
| security unlock-keychain -p "" "$KEYCHAIN" | |
| security set-keychain-settings -lut 1200 | |
| security list-keychains | |
| - name : Configure Code Signing | |
| run: | | |
| gpg -d -o "$DECRYPTED_CERT_FILE_PATH" --pinentry-mode=loopback --passphrase "$CERT_ENCRYPTION_KEY" "$ENCRYPTED_CERT_FILE_PATH" | |
| gpg -d -o "$DECRYPTED_PROVISION_FILE_PATH" --pinentry-mode=loopback --passphrase "$PROVISIONING_ENCRYPTION_KEY" "$ENCRYPTED_PROVISION_FILE_PATH" | |
| security import "$DECRYPTED_CERT_FILE_PATH" -k "$KEYCHAIN" -P "$CERT_EXPORT_KEY" -A | |
| security set-key-partition-list -S apple-tool:,apple: -s -k "" "$KEYCHAIN" | |
| mkdir -p "$HOME/Library/MobileDevice/Provisioning Profiles" | |
| echo `ls .github/secrets/*.mobileprovision` | |
| for PROVISION in `ls .github/secrets/*.mobileprovision` | |
| do | |
| UUID=`/usr/libexec/PlistBuddy -c 'Print :UUID' /dev/stdin <<< $(security cms -D -i ./$PROVISION)` | |
| cp "./$PROVISION" "$HOME/Library/MobileDevice/Provisioning Profiles/$UUID.mobileprovision" | |
| done | |
| - name: Archive app | |
| run: | | |
| xcodebuild clean archive -project $XC_WORKSPACE -scheme $XC_SCHEME -configuration release -archivePath $XC_ARCHIVE -verbose | |
| - name: Export app | |
| run: | | |
| xcodebuild -exportArchive -archivePath $XC_ARCHIVE -exportOptionsPlist ExportOptions.plist -exportPath . -allowProvisioningUpdates -authenticationKeyID ${{ secrets.APPSTORE_API_KEY_ID }} -authenticationKeyIssuerID ${{ secrets.APPSTORE_ISSUER_ID }} | |
| - name: Upload app to TestFlight | |
| uses: apple-actions/upload-testflight-build@v1 | |
| with: | |
| app-path: 'pins.ipa' | |
| issuer-id: ${{ secrets.APPSTORE_ISSUER_ID }} | |
| api-key-id: ${{ secrets.APPSTORE_API_KEY_ID }} | |
| api-private-key: ${{ secrets.APPSTORE_API_PRIVATE_KEY }} |